Generating malware definition data for mobile computing devices

US 7,401,359 B2
Filed: 12/21/2001
Issued: 07/15/2008
Est. Priority Date: 12/21/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A computer program product embodied on a tangible computer readable medium for controlling a computer to generate mobile computing device malware definition data for use by a mobile computing device malware scanner executable upon a mobile computing device, said computer program product comprising:

obtaining code operable to obtain from a data source master malware definition data, said master malware definition identifying a plurality of items of malware each belonging to one of a plurality of classes of malware threat;

identifying code operable to identify one or more classes of malware threat against which said mobile computing device is to be protected; and

generating code operable to generate from said master malware definition data said mobile computing device malware definition data, said mobile computing device malware definition data identifying items of malware identified within said master malware definition data which are within classes of malware threat against which said mobile computing device is to be protected;

wherein said obtaining code, said identifying code and said generating code are executed by a fixed location computing device, said fixed location computer being operable to transfer to said mobile computing device one or more computer files including at least, a computer file containing said mobile computer device malware definition data;

wherein said fixed location computing device stores profile data identifying one or more different types of mobile computing device to which said fixed location computing device transfers computer files and corresponding threat data identifying one or more classes of malware threat to which each of said mobile computing devices is vulnerable;

wherein only a subset of said master malware definition data is used to generate said mobile computing device malware definition data for tailoring said mobile computing device malware definition data to accommodate malware threats to which said mobile computing device is vulnerable;

wherein said one or more classes of malware threat against which said mobile computing device is to be protected are chosen according to classes of malware threat known to pose a problem to said mobile computing device, and classes for which it is desired to protect said mobile computing device according to user defined policies;

wherein fixed location computing device also transfers a malware scanner computer program from said data source to said mobile computing device; and

wherein said fixed location computing device checks for an undated malware scanner computer program becoming available from said data source and, if such an undated malware scanner computer program become available, then obtains said undated malware scanner computer program for transfer to said mobile computing device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Malware definition data for mobile computing devices 2 is generated from master malware definition data 44 by selecting those classes of malware threat to which the mobile computing device is vulnerable and then selecting the matching malware items from within the master malware definition data. A PC 6 to which the mobile computing device may be connected is responsible for downloading an updated version of the master malware definition data for its own use and generates appropriate mobile computing device malware definition data for transfer to the mobile computing device when it is connected to the PC. The scanner programs of both the PC and the mobile computing device may be similarly updated.

191 Citations

37 Claims

1. A computer program product embodied on a tangible computer readable medium for controlling a computer to generate mobile computing device malware definition data for use by a mobile computing device malware scanner executable upon a mobile computing device, said computer program product comprising:
- obtaining code operable to obtain from a data source master malware definition data, said master malware definition identifying a plurality of items of malware each belonging to one of a plurality of classes of malware threat;
  
  identifying code operable to identify one or more classes of malware threat against which said mobile computing device is to be protected; and
  
  generating code operable to generate from said master malware definition data said mobile computing device malware definition data, said mobile computing device malware definition data identifying items of malware identified within said master malware definition data which are within classes of malware threat against which said mobile computing device is to be protected;
  
  wherein said obtaining code, said identifying code and said generating code are executed by a fixed location computing device, said fixed location computer being operable to transfer to said mobile computing device one or more computer files including at least, a computer file containing said mobile computer device malware definition data;
  
  wherein said fixed location computing device stores profile data identifying one or more different types of mobile computing device to which said fixed location computing device transfers computer files and corresponding threat data identifying one or more classes of malware threat to which each of said mobile computing devices is vulnerable;
  
  wherein only a subset of said master malware definition data is used to generate said mobile computing device malware definition data for tailoring said mobile computing device malware definition data to accommodate malware threats to which said mobile computing device is vulnerable;
  
  wherein said one or more classes of malware threat against which said mobile computing device is to be protected are chosen according to classes of malware threat known to pose a problem to said mobile computing device, and classes for which it is desired to protect said mobile computing device according to user defined policies;
  
  wherein fixed location computing device also transfers a malware scanner computer program from said data source to said mobile computing device; and
  
  wherein said fixed location computing device checks for an undated malware scanner computer program becoming available from said data source and, if such an undated malware scanner computer program become available, then obtains said undated malware scanner computer program for transfer to said mobile computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 35, 36, 37)
- - 2. A computer program product as claimed in claim 1, wherein said fixed location computing device is a user computer having communication link with said mobile computing device.
  - 3. A computer program product as claimed in claim 1, wherein, when said mobile computing device is connected to said fixed location computing device, different versions of user generated computer files respectively stored by said mobile computing device and said fixed location computing device are synchronized.
  - 4. A computer program product as claimed in claim 3, wherein said mobile computing device malware definition data is transferred from said fixed location computing device to said mobile computing device during said synchronization.
  - 5. A computer program product as claimed in claim 3, when said mobile computing device is connected to said fixed location computing device, versions of said mobile computing device malware definition data stored on said mobile computing device and said fixed location computing device are compared, and, if said fixed location computing device has a more up-to-date version of said mobile computing device malware definition data, then said more up-to-date version of said mobile computing device malware definition data is transferred from said fixed location computing device to said mobile computing device.
  - 6. A computer program product as claimed in claim 1, wherein user controlled policy data is used in combination with said threat data to control against which classes of malware threat said mobile computing device is protected by said mobile computing device malware definition data.
  - 7. A computer program product as claimed, in claim 1, wherein said different types of mobile computing device correspond to different types of operating system computer programs used by mobile computing devices.
  - 8. A computer program product as claimed in claim 1, wherein said fixed location computer device detects to which mobile computing devices it transfers computer files by detecting installation upon said fixed location computing device of one or more transfer controlling computer programs operable to control transfer of computer flies to one or more predetermined mobile computing devices.
  - 9. A computer program product as claimed in claim 1, wherein said fixed location computing device checks for updated master malware definition data becoming available from said data source and, if such updated master malware definition data becomes available, then repeats said steps of obtaining, identifying and generating.
  - 10. A computer program product as claimed in claim 1, wherein said master malware definition data is also used to protect said fixed location computing device from malware.
  - 11. A computer program product as claimed in claim 1, wherein said fixed location computing device is connected to said data source by a fixed internet link.
  - 12. A computer program product as claimed in claim 1, wherein said items of malware include one or more of a computer virus, a worm, a Trojan, a banned computer file, a banned word and a banned image.
  - 35. The computer program product as claimed in claim 1, wherein said fixed location device stores policy data including user defined settings identifying the manner in which said profile data is to be interpreted.
  - 36. A computer program product as claimed in claim 1, wherein said one or more classes of malware threat against which said mobile computing device is to be protected are chosen according to said classes of malware threat known to pose a problem to an operating system of said mobile computing device.
  - 37. A computer program product as claimed in claim 1, wherein at least a portion of said mobile computing device malware definition data poses a problem only to said mobile computing device and not to said fixed location computing device.

13. A method of generating mobile computing device malware definition data for use by a mobile computing device malware scanner executable upon a mobile computing device, said method comprising the steps of:
- obtaining from a data source master malware definition data, said master malware definition identifying a plurality of items of malware each belonging to one of a plurality of classes of malware threat;
  
  identifying one or more classes of malware threat against which said mobile computing device is to be protected; and
  
  generating from said master malware definition data said mobile computing device malware definition data, said mobile computing device malware definition data identifying items of malware identified within said master malware definition data which are within classes of malware threat against which said mobile computing device is to be protected;
  
  wherein said steps of obtaining, identifying and generating are performed by a fixed location computing device, said fixed location computer being operable to transfer to said mobile computing device one or more computer files including at least a computer file containing said mobile computer device malware definition data;
  
  wherein said fixed location computing device stores profile data identifying one or more different types of mobile computing device to which said fixed location computing device transfers computer files and corresponding threat data identifying one or more classes of malware threat to which each of said mobile computing devices is vulnerable;
  
  wherein only a subset of said master malware definition data is used to generate said mobile computing device malware definition data for tailoring said mobile computing device malware definition data to accommodate malware threats to which said mobile computing device is vulnerable;
  
  wherein fixed location computing device also transfers a malware scanner computer program from said data source to said mobile computing device; and
  
  wherein said fixed location computing device checks for an undated malware scanner computer program becoming available from said data source and, if such an updated malware scanner computer program become available, then obtains said updated malware scanner computer program for transfer to said mobile computing device.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. A method as claimed in claim 13, wherein said fixed location computing device is a user computer having communication link with said mobile computing device.
  - 15. A method as claimed in claim 13, wherein, when said mobile computing device is connected to said fixed location computing device, different versions of user generated computer files respectively stored by said mobile computing device and said fixed location computing device are synchronized.
  - 16. A method as claimed in claim 15, wherein said mobile computing device malware definition data is transferred from said fixed location computing device to said mobile computing device during said synchronization.
  - 17. A method as claimed in claim 15, when said mobile computing device is connected to said fixed location computing device, versions of said mobile computing device malware definition data stored on said mobile computing device and said fixed location computing device are compared, and, if said fixed location computing device has a more up-to-date version of said mobile computing device malware definition data, then said more up-to-date version of said mobile computing device malware definition data is transferred from said fixed location computing device to said mobile computing device.
  - 18. A method as claimed in claim 13, wherein user controlled policy data is used in combination, with said threat data to control against which classes of malware threat said mobile computing device is protected by said mobile computing device malware definition data.
  - 19. A method as claimed in claim 13, wherein said different types of mobile computing device correspond to different types of operating system computer programs used by mobile computing devices.
  - 20. A method as claimed in claim 13, wherein said fixed location computer device detects to which mobile computing devices it transfers computer files by detecting installation upon said fixed location computing device of one or more transfer controlling computer programs operable to control transfer of computer files to one or more predetermined mobile computing devices.
  - 21. A method as claimed in claim 13, wherein said fixed location computing device checks for updated master malware definition data becoming available from said data source and, if such updated master malware definition data becomes available, then repeats said steps of obtaining, identifying, and generating.
  - 22. A method as claimed in claim 13, wherein said master malware definition data is also used to protect said fixed location computing device from malware.
  - 23. A method as claimed in claim 13, wherein said fixed location computing device is connected to said data source by a fixed internet link.
  - 24. A method as claimed in claim 13, wherein said items of malware include one or more of a computer virus, a worm, a Trojan, a banned computer file, a banned word and a banned image.

25. Apparatus for generating mobile computing device malware definition data for use by a mobile computing device malware scanner executable upon a mobile computing device, said apparatus comprising:
- obtaining logic operable to obtain from a data source master malware definition data, said master malware definition identifying a plurality of items of malware each belonging to one of a plurality of classes of malware threat;
  
  identifying logic operable to identify one or more classes of malware threat against which said mobile computing device is to be protected; and
  
  generating logic operable to generate from said master malware definition data said mobile computing device malware definition data, said mobile computing device malware definition data identifying items of malware identified within said master malware definition data which are within classes of malware threat against which said mobile computing device is to be protected;
  
  wherein said obtaining logic, said identifying logic and said generating logic are provided by a fixed location computing device, said fixed location computer being operable to transfer to said mobile computing device one or more computer files including at least a computer file containing said mobile computer device malware definition data;
  
  wherein said fixed location computing device stores profile data identifying one or more different types of mobile computing device to which said fixed location computing device transfers computer files and corresponding threat data identifying one or more classes of malware threat to which each of said mobile computing devices is vulnerable;
  
  wherein only a subset of said master malware definition data is used to generate said mobile computing device malware definition data for tailoring said mobile computing device malware definition data to accommodate malware threats to which said mobile computing device is vulnerable;
  
  wherein fixed location computing device also transfers a malware scanner computer program from said data source to said mobile computing device; and
  
  wherein said fixed location computing device checks for an undated malware scanner computer program becoming available from said data source and, if such an undated malware scanner computer program become available, then obtains said undated malware scanner computer program for transfer to said mobile computing device.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 26. An apparatus as claimed in claim 25, wherein said fixed location computing device is a user computer having communication link with said mobile computing device.
  - 27. An apparatus as claimed in claim 25, wherein, when said mobile computing device is connected to said fixed location computing device, different versions of user generated computer files respectively stored by said mobile computing device and said fixed location computing device are synchronized.
  - 28. An apparatus as claimed in claim 27, wherein said mobile computing device malware definition data is transferred from said fixed location computing device to said mobile computing device during said synchronization.
  - 29. An apparatus as claimed in claim 27, when said mobile computing device is connected to said fixed location computing device, versions of said mobile computing device malware definition data stored on said mobile computing device and said fixed location computing device are compared, and, if said fixed location computing device has a more up-to-date version of said mobile computing device malware definition data, then said more up-to-date version of said mobile computing device malware definition data is transferred from said fixed location computing device to said mobile computing device.
  - 30. An apparatus as claimed in claim 25, wherein user controlled policy data is used in combination with said threat data to control against which classes of malware threat said mobile computing device is protected by said mobile computing device malware definition data.
  - 31. An apparatus as claimed in claim 25, wherein said different types of mobile computing device correspond to different types of operating system computer programs used by mobile computing devices.
  - 32. An apparatus as claimed in claim 25, wherein said fixed location computer device detects to which mobile computing devices it transfers computer files by detecting installation upon said fixed location computing device of one or more transfer controlling computer programs operable to control transfer of computer files to one or more predetermined mobile computing devices.
  - 33. An apparatus as claimed in claim 25, wherein said fixed location computing device checks for updated master malware definition data becoming available from said data source and, if such updated master malware definition data becomes available, then repeats said steps of obtaining, identifying and generating.
  - 34. An apparatus as claimed in claim 25, wherein said master malware definition data is also used to protect said fixed location computing device from malware.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, Inc. (McAfee, LLC)
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Gartside, Paul Nicholas, Cowie, Neil Andrew
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
Besrour; Saoussen

Application Number

US10/023,852
Publication Number

US 20030120951A1
Time in Patent Office

2,398 Days
Field of Search

None
US Class Current

726/22
CPC Class Codes

G06F 21/562   Static detection

H04L 63/145   the attack involving the pr...

H04W 12/128   Anti-malware arrangements, ...

Generating malware definition data for mobile computing devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

191 Citations

37 Claims

Specification

Use Cases

Quick Links

Others

Generating malware definition data for mobile computing devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

191 Citations

37 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others